CVE-2020-35276

CRITICAL

EgavilanMedia ECM Address Book 1.0 - SQL Injection via Admin Login Panel Bypass

Title source: llm
STIX 2.1

Description

EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0153
EPSS Percentile 71.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
egavilanmedia/ecm_address_book 1.0
Published Dec 21, 2020
Tracked Since Feb 18, 2026